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DEVICE FOR FACILITATING AND AUTHENTICA'ITiSrG TRANSACTIONS 



The invention relates to a device for the facilitation and authentication of transactions. In 
embodiments of ihe invention, to be described below in more detail by way of example 
only, transactions between data processing apparatus (such as a personal computer), or a 
user tiiereof, and a (possibly remote) tiiird party are facilitated and authenticated by tiie 
device (or "dongle*'), and such faciUtation and authentication may also involve the 
feciUtation and authentication of a payment to be made by or on behalf of the user to the 
third party. 

According to the invention, there is provided a device for connection to a data processing 
apparatus, the device including first coupling means for operative coupling to 
authentication storage means storing predeteimined information relating to the 
authentication of atiansaction withthe data processing apparatus; second coupling means 
for operative coupling to the data processing apparatus, the device when operatively 
coupled to the data processing apparatus being responsive to an authentication process 
carried out via a communications link for authenticating the transaction, the 
autiientication process involving tiie use of the predetermined information; security data 
entry means for obtaining security data independentiy of the data processing apparatus; 
and means for storing the security data temporarily. 



According to the invention, there is also provided a device for connection to a data 



processing apparatus, the device including first coupliag means for operative coupling to 
aufh^tication storage means storing predetranined information relating to the 
authentication of a transaction with the data processing apparatus; second coupling means 
for operative coupling to the data processing apparatus; and configuration means for 
selectively rendering the second coupling means available for coupling to the data 
processing apparatus, the device when operatively coupled to the data processing 
apparatus being responsive to an authentication process carried out via a communications 
liTiV for authenticating the transaction, the authentication process involving the use of the 
predetermined configuration information. 

Devices for connection to data processing apparatus (such as a personal computer) 
embodying the invention, will now be described, by way of example only, with reference 
to the accompanying diagrammatic drawings in which: 

Figure 1 is a block diagram for explaining the operation of the method in relation to the 
data processing apparatus; 

Figure 2 is a flow chart for use in the understanding of the block diagram of Figure 1; 
Figure 3 is a block diagram corresponding to Figure 1 in which a "dongle" is used; and 



Figure 4 is a perspective view of one configuration of a dongle; 



Figure 5A shows a front view of a second configuration of a dongle; 
Figure 5B shows a side view of the dongle of Figure 5 A; 

Figure 5C shows a cross-sectional view taken along line x-x of Figure 5B but with the 
dongle connector extended; 

Figure 5D shows a side view corresponding to Figure 5B but with the dongle connector 
extended; 

Figure 6 A shows a front view of a tibird configuration of a dongle; 
Figure 6B shows a side view of the dongle of Figure 6 A; 

Figure 6C shows a front view corresponding to Figure 6 A but with the dongle connector 
extended; 

Figure 6D shows a side view corresponding to Figure 6B but with the dongle connector 
extended; 

Figure 7A shows a front view of a fourth configuration of a dongle; 
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Figure 7B shows a side view of the dongle of Figure 7 A; 

Figure 7C shows a front view corresponding to Figure 7A but with the dongle connector 
extended; 

Figure 7D shows a side view corresponding to Figure 7B but with the dongle connector 
extended; 

Figure 8A shows a front view of a fifth configuration of a dongle; 

Figure 8B shows a side view of the dongle of Figure 8A; and 

Figure 8C shows how the electrical connector emerges from the casing of the dongle. 

In Ihe figures like elements are generally designated with the same reference numbers. 

There exist many instances whaa a transaction involving the use of data processing 
apparatus requires authentication. For example, the data processing apparatus may be 
required to carry out a transaction, such as tbe exchange of information, with a third party, 
such as a remote third party with which the communication must be made over a 
telecommunications Imk (including viatbe Internet). The thirdparty may require that the 
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data processing apparatus, or the xiser thereof for the tune being, is authenticated to the 
satisfaction of the third party before the transaction takes place. 

As stated, the transaction may merely involve the exchange of information. For example, 
the user of the data processing apparatus may simply need to be authenticated in order to 
download information from the third party. Such information may be information kept by 
the third party on behalf of the user of the data processing apparatus (for example, 
information relating to the user's bank account). Instead, the information might be 
information held on other data processing apparatus, such as a data network belonging to 
an organisation or commercial entity with which the user is connected or by whom the 
\iser is employed, thus facilitating access to that network by the user when the user is 
travelling. Another possible transaction may involve the downloading by the data 
processing apparatus of software from the remote location. 

In addition, the transaction may require a payment to be made by the user in order to 
Miable the transaction to take place, such as a payment to the third party in return for the 
information provided. Clearly, when such a payment is involved, it is important that the 
user is authenticated to the satisfaction of the third party and that the payment is made in a 
safe, simple and secure maimer. 

Although the foregoing discussion has referred to a "user" of the data processing 
apparatus, some at least of the transactions described above may not in fact involve any 
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humariuser: the data processing apparatus maybe required to operate automatically (for 
example, intermittently operating in an information-gathering or monitoring role, and 
reporting the results to a third party). In such cases, it may also be necessary for the data 
processing apparatus to authenticate itself to the satisfaction of the third party. 

As described in our co-pending patent applicationNo. GB 0224228.7, the dataprocessing 
apparatus is provided with, or associated with, means (authentication storage means) for 
storing predetermiued authentication information for authenticating that apparatus or a 
particular user thereof. In one embodiment, the means for storing the predetermined 
information is removable and can thus be taken by the user and inserted into any data 
processing apparatus (or computer) which is adapted to receive it, so as to enable that user 
to be authenticated in respect to a transaction to be carried out by that user with that 
computer. Advantageously, in such a case the means for storing the predetermined 
information is in the form of a smart card. 

In a more specific example, the smart card is a Subscriber Identity Module or SIM of the 
type used in and for authenticating the use of handsets in a cellular telecommunications 
network. Such a network will store details of its users' (subscribers') SIMs. In operation 
of the network, auser's handset is authenticated (for example, when the user activates the 
handset on the network with a view to making or receiving calls) by sending a challenge 
to the handset incorporating that SIM, in response to which the SIM calculates a reply 
(dependent on the predetermined information held on the SIM) and transmits it back to 
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the network which checks it against its own information for that user or subscriber in 
order to complete the aulJientication process. In the same way, therefore, the SIM canbe 
used in or in association with the data processing apparatus or computer so that the same 
form of authentication process can be carried out. In a case where the SIM is the SIM of 
a subscriber to a particular ceUular telecommunications network, the authentication 
process can be carried out by that network. 

It should be noted that tiie authentication process being described does not necessarily 
authenticate the hmmn identity of the user. For example, ceUular telecommunication 
networks have pre-pay subscribers who are issued wifli SIMs in return for pre-payment 
enabling them to make calls on the network. However, Hie identity of such pre-pay 
subscribers is not known (or not necessarily known) by the networks . Neverflieless, such 
auser camiot make use of the network untQ the networkhas authenticatedthatuser's SIM 
- that is, has conjBrmed that that user is a particular user who has a particular pre-paid 
account with the network. The SIMs of such pre-paid users or subscribers could equally 
weU be used (in the manner described) in or in association with data processing apparatus 
or cpmputers, for the purposes of authenticating that user. 

The SIM need not take the form of a physical (and removable) smart cardbut instead can 
be simulated by being embedded in the data processing apparatus or conq)uterinthe form 
of software or represented as a chip for example. 
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It inay be desirable to be able to change the authentication infonnation on the SIM (or 
simulated SIM) to take account of changed circumstances. For example, the SIM maybe 
a SIM registered wititi a particular cellular telecommunications network - a network 
applicable to the country or region where the data processing apparatus or computer is to 
be used. However, circumstances may arise (for example, the apparatus or the computer 
is physically moved to a different country or region) in which it is desirable or necessary 
to re-register the SIM with a different cellular telecommunications network. Ways in 
which this can be done are disclosed in our co-pending United Kingdom patent 
appUcations Nos. 0118406.8, 0122712.3 and 0130790.9 and in our corresponding PCX 
appHcationsNos.GB02/003265andGB02/003260. As described Iherein in more detaU, a 
SIM (and thus also a simulated SIM) may be initially provided with authentication (and 
other) information relating to each of a plurality of networks, the information respective 
to the different networks being selectively activatable. 

It is not necessary, however, for the users to be subscribers to a telecommunications 
network. Instead, they coiddbe subscribers registered with some other centralised system 
which could then carry out the authentication process in the same way as in a 
telecommunications network. In such a case, the registration of a SIM (or simulated SIM) 
could be transferred from one such centralised system to another in tbe same mamier as 
described above. 



As described above, an aim of the authentication process is to faciUtate a transaction 
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between the data processing apparatus or computer and a third party. Wbere the 
authentication process is carried out by a teleconmiunications network, or by some other 
system, to which the user of the SIM is a subscriber, the satisfactory completion of the 
authentication process would thenbecommunicatedbythatnetwork or system to the third 

party - to enable the transaction to proceed. 

For many transactions of the type described, a payment by the user to the third party may 
be involved. An arrangement as described above, in which the authentication process is 
carried out by a telecommunications network or other centrahsed system to which the user 
is a subscriber advantageously facilitates the making of such payments and is particularly 
advantageous where (as may often be the case) the payment is for a small amount (for 
example, payment in return for receipt of information - e.g. weather or traffic 
information, or for temporary use of specific software); in sucha case, the payment can 
be debited to the account of the subscriber held by the telecommunications network or 
other centrahsed system - and then, of course, passed on to the third party, perhaps after 
deduction of a handling charge. 

The block diagram of Figure 1 explains one way of operating the method described 
above. 



A Windows-based personal con^juter or PC 10 is shown ('Windows' is a trade mark). 
The PCIO is adapted to receive a SIM shown diagrammatically at 12. The SIM may be 
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removably fitted to the PC, for use in identifying a user (that is, the holder of the SIM) or 
may be fixed within the PC (for identifying the PC itself). The PC 10 incoiporates 
transaction management software 14 which interacts with and controls some of the 
functions of the SIM. 

Also shown in Figure 1 is a cellular telephone network 16, such as the Vodafone (trade 
mark) network, and it is assumed that the SIM 12 is registered wilii the network 16. 

The operation of the system shown in Figure 1 will be explained in relation to the flow 
chart of Figure 2. 

At step A, the user of the PC 10 requests use of aparticular application 17 on the PC. For 
example, ihe user might wish to view web pages containing spedalised information which 

are encrypted and thus not generally available. In order to do this, the user requests a 
"session key''-timt is, permission to carry outatransaction involving time-limited useof 

the particular appUcation. The request for the session key is addressed to the transaction 
manager 14. The transaction manager 14 then, transmits identification informatioii 
derived from the SIM 12 (an "I am here" message) to the security services part 1 8 of the 
network 16 (step B). In response to the "I am here" message, the network transmits a 
random challenge (step C) to the transaction manager 14, this challenge being based on 
information known to the network about the SIM 12. 
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At step D, the transaction manager 14 responds to the challenge by providing an answer 
derived from the challenge and the key held on the SIM. The reply is checked by the 
sectirity services part 18 of the network 16. Assuming that the response is satisfactory, 
the security services part 18 authenticates the user and confirms this to the transaction 
manager 14 (step E). At the same time, Ihe security services part 18 in the network 
transmits the session key (step F) to the appHcation services part 22 of the network 1 6. 

The transaction manager 14 also transmits the session key to the appUcation 17 (step G). 

The user can now make the request for the particular appHcation (step H), accompanying 
this application request with the session key received at step G. The appHcation request 
of step H is transmitted to an application services part 22 which may be part of the 
network 16 (as shown) or may be separate and controlled by a third party. At step I the 
application services part compares the session key received with the appHcation request 
(step H) with the session key received at step F. Assuming that the result of this check is 
satisfactory, the application services part 22 now transmits acceptance of the application 
request (step J) to-the PC 10, and the appHcation now proceeds (time Hmited). The 
network can now debit the user's account with a charge for the session. 



The foregoiiig is of course merely one example of an implementation of what 
described. 



12 . . 
In an alternative arrangement, a data carrier may be provided wifli means for storing 

predetermined information such as in one of the forms described above - that is, a SIM or 
(more probably) software simulating a SIM. The simulated SIM is associated with data 
stored on the data carrier. The data carrier may, for example, be a DVD or CD ROM or 
some other similar data carrier, and the data thereon may be software or a suite of 
software. 

The simulated SIM may be used to identify and authenticate the data (such as the 
software) on the data carrier. The simulated SIM will be registered with a 
telecommunications network or some other centralised system, in the same manner as 
described above. When the data carrier is placed in data processing apparatus such as a 
computer, for use therein, the SIM would be used to identify and authenticate the data 
carrier and the data stored tiiereon and (for example) could then permit the software to be 
downloaded for use in tihe computer. In this way, the SIM could be used subsequently to 
block further use of the software (for example, in another computer), or to allow the data 
to be used for only a predetermined number of times (whether in the same or in a different 
computer) . If, for example, the data carrier (with its SIM) is placed in a computer which 
has also received a particular user' s SIM then (a) the SIM on the data carrier can be used 
to identify and authenticate the software and (b) the SIM in or associated with the 
computer can be used to authenticate the user and could subsequently be used to enable a 
charge to be debited to that user as payment for use of the software. 
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In our co-pending patent appHcation No. GB 0307248.5 we describe an arrangement 
where, rather than the PCIO being adapted to receive a SIM 12, or a data carrier being 
modified to- incorporate a SIM or software simulating a SIM, a separate device or 
"dongle" 30 (Figures 3 and 4) is provided for receiving the SIM 12, or for mcorporating 
software simulating the SIM 12. 

The dongle 30 allows data for authenticating a transaction (or for any other appropriate 
purpose) to be passed between the dongle 30 and the PC 10 and onwardly to/from the 
network 16. 

The dongle 30 comprises a plastics housing 32 havmg a slot for receiving a SIM 12. 
Appropriate connectors (not shown) are provided within the housing 32 for allowing 
electronic exchange of data between the SIM 12 and the dongle 30. The dongle 30 
further comprises a suitable comiector 34 for allowing connection for data communication 
purposes to the PC 10. For example, the connector could be a USB connector, aFirewire 
1 394 connector or any other suitable connector. Of course, dijBferent configurations of the 
dongle may be provided. For example, the SIM 12 may be accommodated completely 
within the dongle 30, and may be removable from the dongle 30 by opening the housing 
32, or the SIM 12 may be permanently sealed within the dongle casing 32. If the latter 
arrangement is provided, a user of the telecommunication system may be provided with a 
first SIM for use, for example, in their mobile telephone handset and may be provided 
with a dongle 30 which hoiises a separate SIM which is used for perfonning transactions 
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via a PC 1 0. If desired, the telecommunications network will include a record indicating 
that the SIM within the user's mobile handset and the SIM within the user's dongle are 
commordy owned, and this information may be used to conveniently provide the user with 
a single account of charges incurred in respect of use of both the SIMs. 

The dongle 30 is provided with a dongle interface driver 36 which controls 
communication with the PC 10. All communications from the PCIO are routed via ttie 
dongle interface driver 36 and data stored on the SIM 12 cannot be accessed other than by 
using the dongle interface driver 36. A corresponding PC interface driver 38 is provided 
for the PC 10. The PC interface driver 38 may, for example, comprise a series of 
commands in the form of a computer programme which is loaded onto and run by the PC 
10. The PC interface driver 38 noay, for example, be provided by or under the control of 
the network 1 6. The PC interface driver 3 8 will therefore be "trusted" by the network 1 6 
and will be configured to only allow access to the dongle 30 and consequently the SIM 12 
in an approved maimer which will not allow the security information present on the SIM 
12 to be compromised. 

To prevent, or to reduce, the likelihood of the PC interface driver 38 being replaced or 
bypassed by an alternative driver, which could compromise the secmity of the data on the 
SIM 12, the PC interface driver 38 and the dongle iaterface driver 36 are provided with 
respective shared secret keys 40, 42. Each communication from the PC interface driver 
38 to the dongle 30 is encrypted using the shared secret key 40. All commimications from 
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the PC 10 to the dongle 30 are received by the dongle interface driver 36. The dongle 
interface driver 3 6 comprises processing means for decrypting received communications 
■ using its secret key 42. To enhance security, the dongle interface driver 36 will prevent 
all communications other than those encrypted using the shared secret key 40 from 
sending data to or receiving data from the SIM 12. 

Therefore, the PC interface driver 38 controls and supervises access to the dongle 30 and 
the SIM 12 to reduce the likelihood of the data stored on the SIM 12 being compromised 
by unauthorised attanpts to access the SIM 12. 

Provided that a request for access to data on the SIM 12 is approved by the PC interface 
driver (according, for example, to criteria set by the network 16), and is therefore 
communicated to the dongle interface driver 36 with the appropriate key 40, atransaotion 
can be authorised using the SIM 12 in the manner described in relation to Figures 1 and2. 

A ftirther arrangement will be described in relation to Figure 4. According to Figure 4, 
the dongle 30 has the SIM 12 accommodated completely within its housing 32, and the 
SIM cannot therefore be seen in the Figure. The dongle 30 has a connector 34 for 
connection to a EC 10 in a similar mamier to the Figure 3 embodiment. At the opposite 
end of the casing 32 an optional loop comiector 44 may be provided to provide a 
convenient means for carrying the dongle 30 by attaching it to a user's keyring. 
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One face of the housing 32 has a variety of push buttons 46 mounted thereon, ten of 
which have respective numerals from 0 to 9 displayed thereon. In this embodiment, the 
dongle 30 includes means (such as software) for receiving the entry of a PIN number from 
a user by operating the appropriately designated push buttons 46 which is compared to the 
PIN number provided for and stored on the SIM 12. The SIMs used in the GSM 
telecommunications network are conventionally provided with such a PIN. 

The housing 32 may ftirfher optionally provide a display 48 for prompting the user to 
enter their PIN number and/or for displaying the PIN number as it is entered, if desired. 
On entry of the PIN number using the push buttons 46, the entered PIN number is 
compared to the PIN number stored on the SIM. If the PINs are found to match, 
communication between the SIM and the PCIO is permitted to authorise one or more 
transactions. The comparison between the entered PIN number and the PIN number 
stored on the SIM 12 is performed within the dongle 30, and neither the entered PIN 
number nor the PIN number stored on the SIM is communicated to the PCIO. This 
prevents or reduces the likelihood that the PINs will become compromised by disclosure 
to an authorised party. 

The PIN entry comparison airangCTient of Figure 4 may be provided in addition to or as 
an alternative to the interface drivers 36,38 and shared secret keys 40,42 of ihe 
arrangement shown in Figure 3 . 
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It should be appreciated that as an alternative to push buttons 46, other means could be 
provided for allowing PIN entry. Alternatively, the user could be authorised to use the 
SIM by obtaining some other security information from the user and comparing this with 
data stored on the SIM 12. For example, the data obtained could be the user's jBbageiprint 
or some other characteristic which is unlikely to re-occur on another person. The details 
of the fingerprint (or other information) are stored on the SIM for comparison with the 
input data representing the characteristics. 

As an additional security feature in the Figure 3 embodiment, a display may be provided 
which displays the name of the application or organisation which requests information 
from the SIM 12, This would allow the user to monitor requests being made to their SIM 
12. 

If the respective interface drivers 36,3 8 and shared secret keys 40,42 described in relation 
to Figure 3 are used in a system which also includes the PIN entry and comparison 
arrangement described in relation to Figure 4, to provide an added level of security, the 
dongle 30 can be programmed to display the name of the application or organisation 
requesting data from the SIM 12 and may then prompt the user to approve the supply of 
data for each or selected applications/organisations by entering the user's PDSf using 
keypad 46. 

The dongle 30 may be used to facilitate transactions with data processing apparatus other 
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than PCs. For example, a user having an account with network 16 and being provided 
with a dongle 30 can insert the connector 34 into an appropriately configured slot m a 
parking meter which is connectable to the network 1 6. The SIM 12 contained within the 
dongle 30 is authenticated in the manner described above using a transaxjtion manager 
provided within Ihe parking meter. By this means, payment for parking can be made by 
deducting an appropriate amount from the user's account with the network 16. 
Advantageously, the dongle 30 willbeprovided withpushbuttons 46 andthe dongle will ' 
prompt the user to enteraPINwhichis compared to thePIN stored on the SIM so that the 

dongle 30 cannot be used by an unauthorised party. The dongie could be programmed to 
allow the push buttons 46, under control of the parking meter, to allow entry of data 
relevant to the transaction- for example, the length of time for which the parking space is 
required. 

The dongle 30 could, for example, also be used in a similar way with an appropriately 
configured DVD player to allow a fihn to be viewed on payment of a fee deducted from 
the user' s accouilt with the network 16. 

Figures 5A to 5D show a second configuration of a dongle indicated generally at 50. The 
dongle 50 does not include a display or push buttons. The dongle 50 is of generally 
elliptical cross-section and includes a generally rectangular aperture 52 formed in the top 
end thereof that aUows an electrical connector 54 of generaUy rectangular cross-section to 
emerge therefrom. The aperture 52 is closed by a closure member 56 which is generally 



19 

C-shaped in cross-section, extending from the top of dongle 50 along each side face 58, 
and pivotted about a centrally mounted pivot point 60. The comiection between the 
closure member 56 and the side walls 58 of the dongle 50 at the pivot point 60 allows the 
closure member 56 to be rotated about iiie pivot point 60 as shown by arrow 62. 

Figure 5C is a cross-section taken along line XX of Figure 5B and shows schematicaUy 
the mechanism by which the electrical connector 54 can be moved between a first 
position, shown in Figures 5A and 5B, where the comiector 54 is contained wholly within 
the casing of the dongle 50, and the second position, shown in Figures 5C and 5D, where 
the electrical comiector 54 protrudes from the casing of the dongle 50. The mechanism, 
for providing this movement of the electiical connector 54 comprises a rack 64 which is 
coupled to the comiector 54 and a cooperating pinion 66, mounted at pivot point 60, the 
teeth of which engage tlie rack 64. The pinion 66 is fixed with respect to the closure 
member 56. Rotation of the closure member 56 causes rotation of the pinion 66, which 
causes linear displacement of the rack 64 as shown by arrow 68. Of course, amechanism 
for slidably supporting the electrical connector 54 and rack 64 is provided in a manner 
that will be understood by those skilled in the art, and is not illustrated or described 
further here. 

Figures 6A to 6D show a third configuration of a dongle. As in the second configuration 

r 

of dongle described in relation to Figures 5A to 5D, the electrical connector 54 is movable 
between a first position, shown in Figures 6A and 6B, where it is contained completely 
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within the casing of the dongle 70, and a second position, shown in Figures 6C and 6D, 
where the connector 54 is shown extending from the casing of dongle 70. However, in 
the third configuration, the linear movement of the electrical coraiector 54 in the direction 
of arrow 68 is provided by rotating knob 72 with respect to the casing of dongle 70 as 
shown by arrow 74. Rotation of the knob 72 in a first direction causes the connector 54 to 
emerge from the casing of dongle 70, and rotation in the opposite direction causes the 
conuector 54 to be retracted within the casing of the dongle 70. Any suitable mechanism 
for converting the rotary motion of the knob 72 into linear motion of the connector 54 
may be provided. For example, a mechanism described in U.S. Patent No. 5813421 
(which is incorporated herein by reference) for a Hpstick swivel mechanism may be 
employed. Oiher sui^ble mechanisms will be known to those skilled in the relevant art 

The dongle 70 includes a display 48 for prompting the user to enter their PIN number 
and/or for displaying the PIN number as it is entered. The dongle 70, rather than having a 
series of push buttons (such as a numerical key pad) comprises a data entry knob 76 
which is mounted to the dongle for rotation as shown by arrow 78 and also for linear 
motion witih respect to the dongle as shown by arrow 80. Each digit of the PIN number is 
input by the user grasping the knob 76 and pulling it ia a direction away from Ihe casing 
of the dongle 70 (in the direction of arrow 80). An indication, such as a flashing cursor 
then appears on the display 48 indicating that the first digit of the PIN number is 
ejcpected. The number is input by rotation of the knob 76 (arrow 78), the displayed 
number increasing in value with further rotation of the knob 76. When the required 
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number appears on the display 48 the liser ccinfinns that this is the number they wish to 
input by pushing the knob 76 in the opposite direction to arrow 80. To input the next digit 
of the PIN number the knob 76 is again lifted (arrow 80) and the correct number is 
selectedbyrotation of the knob. The required number is entered by returning the knob 76 
to its original position by moving it in the direction opposite to the arrow 80. This 
procedure is repeated until all of the digits of the PIN number have been entered. Each 
digit of the PIN number as it is entered will be displayed on the display 48. 

In the Figure 6 A to 6D embodiment of the dongle 70, a piezo electric cell 82 is associated 
with the knob 80. The piezo electric cell 82 allows power to be generated by movement 
of the knob 76. This power may either be stored in an mtegral capacitor or may be stored 
in an optional cell 84 which is electrically coupled to the piezo electric cell 82. Such an 
arrangement obviates the requirement for the dongle 70 to have its own replaceable power 
source, whilst allowing the dongle to be operated when not connected to the PC 10. The 
charge generated by the piezo electric cell is transient, and after a period of time (for 
example, 5 minutes), the charge is dissipated and any PIN number entered by means of 
the knob 76 is lost from the memory of the dongle 70 and cannot later be retrieved even 
when power is supplied. This provides an additional security feature to the dongle 70. Of 
course, if the dongle 70 is connected to the PC 1 0 while the charge is still present (within 5 
minutes of entering Hie PIN in the example given above), the PIN can be verified and the 
dongle can then obtain power from the PC 10 via the connector 54 which allows 
authentication operations described above to be performed despite the transient nature of 
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ttie power firom the piezo electric cell 82. 

Figures 7A to 7D show a fourth configuration of dongle 90. La this embodiment the 
dongle 90 comprises a main body part 92 to which the electrical connector 54 is attached 
in a fixed position, and a removable protective cap 94 which, when in position, covers the 
main body 92 and the connector 54 to protect those continents and to provide the dongle 
90 with an attractive external appearance. 

At the top end of the main body 92 an aamular knob 96 is mounted to the body 92 for 
rotation with respect to the body 92, as shown by arrow 98 . The knob 96 includes a series 
of markings 100 visible to the user of the dongle 90 - for example, each mark 100 
indicating a different digit jfrom 0 to 9. A marking 102 is provided at the top of the casing 
92. In this embodiment, the first digit of the user's TIN number is entered by rotating the 
knob 96 until the correct digit of the PIN number (indicated at 100) is aligned with the 
mark 102. When, the relevant digit and the mark 102 are aligned, the user stops rotation 
of the knob 96. Wh^ movement of the knob 96 stops, the position of the knob 96 is 
recorded by the dongle 90 so that the digit of the PIN number can be detected. The next 
digit of the PIN number is entered by rotating the knob 96 in an anti-clockwise direction 
(opposite to arrow 98) until the relevant digit of the PIN number is aligned with marking 
102. Again, when the rotation of the knob stops, the position of the knob is recorded so 
that the PIN number can be recorded by the dongle 90. The next digit of the PIN number 
is entered by clockwise rotation of the knob 96, and so on, until all of the digits of the PIN 
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number is entered by clockwise rotation of the knob 96, and so on, until all of the digits 
of the PIN number have been entered. Hie manner of data entry using the knob 96 and 
the marking 102 is similar to that used to enter the combination of a safe. 

The dongle 90 further includes an optional digital camera 104 mouiited at the axis of 
rotation of the knob 96 (but fixed willi respect to the main body 92). Dongle 90 includes 
processing means and memory for storing one or more images captured by the camera 
104, and allows these images to be transferred to the PC 10 using the connector 54. 

Figures 8A to 8C show a fifth configuration of a dongle 1 10. The dongle 1 10 con^rises a 
casing 1 12 which has an opening 1 14 at one side thereof. Contained within the casing 
1 12 is a couplmg portion 1 16 to which the electrical connector 54 is fixed. The coupling 
portion 1 16 is connected to the casing 1 12 in such a manner that the coupling portion 1 16 
is rotatable about an axis indicated by dotted line 118. 

Connected to Hie loop connector 44 is aring 120, which provides a convenient means by 
means a sHdable part 122, which is mounted for sHding with respect to the casing 1 12, 
may be moved with respect to the casing 1 12 in the direction of arrow 124. By means of 
a rack and pinion or any other suitable mechanism (not shown) the movement of the 
sliding part 122 wilh respect to the casing 1 12 in the direction of arrow 124 is translated 
into rotational movement of the coiqjling portion 116 about the axis 1 18. The different 
positions that the coupling part 1 16 moves through as the sliding part 122 is moved with 
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respect to the casing 1 12 are shown by the ghost lines in Figure 8C. 

When the sUding part 122 reaches its maximum travel in the direction of arrow 124, the 
coupling part 116 is rotated 180* with respect to the casing 112. The coupling portion 
1 16 is returned to the position shown in Figures 8A and 8B by sUding the sUding part 
122 in the direction opposite to arrow 1 24. When the coiq)ling part 1 1 6 is in the position 
shown in Figures 8A and 8B, the connector 54 is protected by the sUding part 122. 

' The embodiments shown in Figures 5,6,7 and 8 provide various means by which the 
electrical comiector 54 can be concealed and protected when not required. 

In the Figure 6 embodiment the power source of the dongle is piezo electric ceU 82. 

A similar power source may be provided in the dongles illustrated in Figures 5,7 and 8, 
with power being generated by movement of the closure member 56 of the dongle 50 of 
Figure 5, the movement of the knob 96 of the dongle 90 of Figure 7, or movement of the 
sUding part 122 of Figure 8. Alternatively, or additionally, these dongles may include a 
replaceable battery or a rechargeable battery which is recharged when the dongle 
50,80,90,1 10 is connected to the PCIO. 



Whilst the dongles described include an electrical connector 54 which is shown as aUSB 
connector, it should be appreciated that any other suitable type of electrical connector 
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may be provided.' For example, the comiector 54 may be a SmartMedia (trade mark) 
device. Alternatively, data and/or power may be transmitted between the don^e and the 
PC 10 by "near field" technology, for example, in accordance with the Near Field 
Communication Interface and Protocol (NFCIP-1) protocol. If near field technology is 
employed, the provision of a movable electrical connector 54 will not be necessary. 

The dongles of Figures 5 to 8 may or may not include the dongle mterface driver 36 
described in relation to Figures 3 and 4. 

The dongles of Figures 6 and 7 may allow the PIN to be passed to the PCIO for 
validation, or such vaUdation may be performed within the dongle for improved security. 



Of course, the dongles of Figures 5 and 8 may be provided with a PIN entry means if 
required. 
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CLAIMS 

1. A device for connection to a data processing apparatus, the device including first 
coupling means for operative coupling to authentication storage means storing 
predetermined information relating to ihe auflientication of a transaction vnih the data 
processing apparatus; second coupling means for operative coupling to the data 
processing apparatus, the device when operatively coupled to the data processing 
apparatus beingresponsive to an au&entication process carried out viaacommunications 

link for authenticating the transaction, the authentication process involving the use ofthe 
predetermined information; security data entry means for obtaining security data 
independentiy ofthe data processing ^paratus; and means for storing the security data 
temporarily. 

2. The device of claim 1, wherein the security data is stored temporarily by means of 
a transient power source. 

3 . The device of claim 2, wherein the transient power source conqaises piezo electric 
means. 

4. The device of claim 3, wherein the piezo electric means comprises one or more 
piezo electric cells. 
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5. The device of claim 2,3 or 4, wherein the transient power source is chargedbythe 
security data entry means. 

6. The device of claim 2,3,4 or 5, wherein the transient power source comprises a 
rechargeable battery. 

7. The device of any one of claims 1 to 6, comprisiiig means for analysingthe entered 
security data for determining whether to allow access to the predetermined information. 

8. A device for connection to a data processing apparatus, the device including first 
coupling means for operative couphng to authentication storage means storing 
predetermined information relating to the authentication of a transaction with the data 
processing apparatus; second coupling means for operative coupling to the data 
processing apparatus; and configuration means for selectively rendering the second 
coupling means available for coupling to the data processing apparatus, the device when 
operatively coupled to the data processing apparatus being responsive to an authentication 
process carried out via a communications link for authenticating the transaction, the 
authentication process involving the use of the predetermined configuration information. 

9. The device of claim 8, wherein the configuration means comprises means for 
selectively making the second coupling means available extanally of the device housing. 
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10. The device of claim 9, wherein the configuration means comprises a removable 
cap. 

11. The device of claim 9, wherein the configuration means comprises a closure 
member coupled to and moveable with respect to the housing for selectively closing an 
aperture in the housing. 

12. The device of claim 11, comprising intercoimection means for connecting the 
closure member and the second coupling means, the arrangement being such that, as the 
closure member is moved to open the aperture, the second coupling means emerges firom 
the aperture. 

13. The device of claim 8, comprising a knob mounted on the device housing for 
rotation with respect thereto, and means for converting rotation of said knob into linear 
movement of the second coupling means such that rotation of said knob in a first direction 
causes the second coupling means to emerge from an aperture in the device housing and 
rotation of said knob in a second direction causes the second coupling means to be 
retracted through said aperture. 

14. The device of claim 9, wherein the device housing includes two parts moveable 
with respect to one another between a first arrangement where the second coupling means 
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is contained within the housing and a second arrangement where the second coupling 
means is exposed for comiection to the data processing apparatus. 

15. The device of claim 14, wherein the two parts are pivotally coupled together. 

16. The device of any one of claims 8 to 15, comprising security data entry means for 
obtaining security data independently of the data processing apparatus, and means for 
analysing the entered securiiy data for determining whether to allow access to the 
predetermined information. 

17. The device of any one of claims 8 to 15, coirprising security data entry means for 
obtaining security data independently of the data processing apparatus; and means for 
storing the security data temporarily. 

18. The device of any one of claims 1 to 17, wherein the device controls access to the 
predetermined information. 

19. The device of any one of claims 1 to 7 and 16 to 18, wherein the securiiy data entry 
means comprises alphanumeric data entry means. 



20. The device of any one of claims 1 to 7 and 16 to 19, wherein the security data entry 
means comprises a keypad. 
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21. The device of any one of claims 1 to 7 and 16 to 20, wherein the security data 
comprise a Personal Identification Number (PIN) and analysing means compares the PIN 
obtained by the secimty data means with a PIN stored on the authentication storage means 
and only allows access to the predetermined information when the respective PINs match. 

22. The device of any one of the preceding claims, comprising a display for displaying 
security information. 

23. The device of any one of the preceding claims, comprising a data processing 
module for controlling the communication with the data processing apparatus. 

24. The device of claim 23, wherein the data processing module of the device is 
configured for communicating with a corresponding data processing module of the data 
processing apparatus. 

25. The device of claim 24, wherein communication between the authentication 
storage means and the data processing apparatus is performed via the respective data 
processing modules. 

26 . The device of claim 23,24 or 25, wherein the data processing module of the device 
includes means for decrypting encrypted data received from the data processing module 
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of the data processing apparatus. 

27. The device of claim 23,24,25 or 26, wherein the data processing module of the 
device includes means for encrypting data transmitted to the data processing module of 
the data processing apparatus. 

28. The device of claims 26 or 27, wherein the respective data processing modules 
comprise a key for allowing encryption and/or decryption of data. 

29. The device of claim 28, wherein the key comprises a shared secret key for each of 
the respective data processing modules. 

30. The device of any one of the preceding claims, wherein the device is operatively 
coupleable to one of more of a plurality of said authentication storage means, each of 
which is registerable with a common teleconmiunication system, and wherein the 
authentication process is performed by a communications link with the 
telecommunications system. 

31.. The device of claim 30, in which the predetermined authentication information 
stored by each authentication storage means corresponds to information which is used to 
authenticate a user of that authentication storage means in relation to the 
telecommunications system. 
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32. The device of claim 31, ia which each user is authenticated in the 
telecommunications system by means of the use of a smart card or subscriber identity 
module (e.g. SIM), and in which the authentication storage means respective to that user 
corresponds to or simulates the smart card for that user. 

33 ; The device of any one of claims 1 to 32, in which the transaction is a transaction 
involving use of the data processing functions of the data processiag apparatus. 

34. The device of any one of claims 1 to 33, in which the authentication storage means 
is specific to that device. 

35. The device of any one of claims 1 to 34, in which the autiientication process 
involves the sending of a message and the generation of a response dependent on the 
message and the predetermined information. 

36. The device of any one of claims 30 to 35, wherein the telecommimications system 
includes means for levying a charge for the transaction when authorised. 

37. The device for any one of claims 1 to 7, 1 6 and 1 7, wherein the security data entry 
means comprises a rotary knob. 




38. The device of any one of the preceding claims in combination with the data 
processing apparatus. 

39. The device of any one of the preceding claims in- combination with the 
teleconmiunications sj^tem. 



40. A device substantially as described with reference to the accompanying 
diagrammatic drawings. 
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ABSTRACT (Figure 3) 

A device or "dongle" (30) is provided for controlling communications between a 
Subscriber Identity Module (or SIM) (12), such as of the type used in a GSM ceUular 
telephone system, and a computer, such as a Windows-based PC (10). The SIM (12) can 
be authenticatedby the telephone network, in the same way as for authenticating SIMs of 
telephone handset users in the network, and can in this way authenticate the user of the 
PC (10) or the PC (10) itself. Sucb authentication can, for example, peimituse of the PC 
(10) for a time-limited session in relation to a particular application which is released to 
the PC (10) after the authentication is satisfactorily completed. The application may be 
released to the PC (10) by a third party after and in response to the satisfactory completion 
of tbe authentication process. A charge for the session can be del)ited to the user by the 
telecommunications network and then passed on to the third party. The dongle (30) 
provides additional security for the authentication data stored on the SIM by requirmg a 
PIN to be entered and/or by only being responsive to requests received from the PC (10) 
which are encrypted using a key, which requests are generated by a special PC interface 
driver (38). The PDST may be stored only temporarily. The dongle (30) has an electrical 
connector (34), and means may be provided for selectively rendering the connector (34) 
available for coupling to the PC(10). 
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